Details of VAR-201906-0818

ID

VAR-201906-0818

CVE

CVE-2018-13382

TITLE

Fortinet FortiOS Authorization vulnerabilities in

Trust: 0.8

sources: JVNDB: JVNDB-2018-015563

DESCRIPTION

An Improper Authorization vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.8 and 5.4.1 to 5.4.10 and FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 under SSL VPN web portal allows an unauthenticated attacker to modify the password of an SSL VPN web portal user via specially crafted HTTP requests. Fortinet FortiOS Exists in an authorization vulnerability.Information may be obtained and information may be tampered with. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Fortinet FortiOS is prone to an authorization-bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions; this may aid in launching further attacks. Fortinet FortiOS 5.4.1 through 5.4.10, 5.6.0 to 5.6.8, and 6.0.0 through 6.0.4 are vulnerable. Fortinet FortiOS is a set of security operating system dedicated to the FortiGate network security platform developed by Fortinet. The system provides users with various security functions such as firewall, anti-virus, IPSec/SSLVPN, Web content filtering and anti-spam. This vulnerability stems from the lack of authentication measures or insufficient authentication strength in network systems or products

Trust: 2.61

sources: NVD: CVE-2018-13382 // JVNDB: JVNDB-2018-015563 // CNNVD: CNNVD-202104-975 // BID: 108697 // VULHUB: VHN-123436 // VULMON: CVE-2018-13382

AFFECTED PRODUCTS

vendor:	fortinet	model:	fortios	scope:	gte	version:	5.4.1	Trust: 1.0
vendor:	fortinet	model:	fortios	scope:	gte	version:	5.6.0	Trust: 1.0
vendor:	fortinet	model:	fortios	scope:	lt	version:	5.6.9	Trust: 1.0
vendor:	fortinet	model:	fortios	scope:	lt	version:	6.0.5	Trust: 1.0
vendor:	fortinet	model:	fortiproxy	scope:	eq	version:	2.0.0	Trust: 1.0
vendor:	fortinet	model:	fortios	scope:	gte	version:	6.0.0	Trust: 1.0
vendor:	fortinet	model:	fortiproxy	scope:	lt	version:	1.2.9	Trust: 1.0
vendor:	fortinet	model:	fortios	scope:	lt	version:	5.4.11	Trust: 1.0
vendor:	フォーティネット	model:	fortios	scope:	eq	version:	5.4.1 to 5.4.10	Trust: 0.8
vendor:	フォーティネット	model:	fortios	scope:	eq	version:	-	Trust: 0.8
vendor:	フォーティネット	model:	fortios	scope:	eq	version:	6.0.0 to 6.0.4	Trust: 0.8
vendor:	フォーティネット	model:	fortios	scope:	eq	version:	5.6.0 to 5.6.8	Trust: 0.8
vendor:	fortinet	model:	fortios	scope:	eq	version:	6.0.4	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	6.0.3	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	6.0.2	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	6.0.1	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	6.0	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.6.8	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.6.7	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.6.6	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.6.5	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.6.4	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.6.3	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.6.2	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.6	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.4.10	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.4.9	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.4.8	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.4.7	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.4.6	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.4.5	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.4.4	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.4.3	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.4.2	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.4.1	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.6.1	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	ne	version:	6.2	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	ne	version:	6.0.5	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	ne	version:	5.6.9	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	ne	version:	5.4.11	Trust: 0.3

sources: BID: 108697 // JVNDB: JVNDB-2018-015563 // NVD: CVE-2018-13382

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-13382
value:	HIGH
Trust: 1.0
psirt@fortinet.com:	CVE-2018-13382
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2018-13382
value:	CRITICAL
Trust: 0.8
CNNVD:	CNNVD-202104-975
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201905-1025
value:	HIGH
Trust: 0.6
VULHUB:	VHN-123436
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2018-13382
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2018-13382
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-123436
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-13382
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
psirt@fortinet.com:	CVE-2018-13382
baseSeverity:	CRITICAL
baseScore:	9.1
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	5.2
version:	3.1
Trust: 1.0
OTHER:	JVNDB-2018-015563
baseSeverity:	CRITICAL
baseScore:	9.1
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-123436 // VULMON: CVE-2018-13382 // JVNDB: JVNDB-2018-015563 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-201905-1025 // NVD: CVE-2018-13382 // NVD: CVE-2018-13382

PROBLEMTYPE DATA

problemtype:	CWE-863	Trust: 1.0
problemtype:	Inappropriate authorization (CWE-285) [NVD evaluation ]	Trust: 0.8
problemtype:	CWE-285	Trust: 0.1

sources: VULHUB: VHN-123436 // JVNDB: JVNDB-2018-015563 // NVD: CVE-2018-13382

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201905-1025

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-123436

PATCH

title:	FG-IR-18-389	url:	https://fortiguard.com/advisory/FG-IR-18-389	Trust: 0.8
title:	Fortinet FortiOS Remediation measures for authorization problem vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=92977	Trust: 0.6
title:	CVE-2018-13382	url:	https://github.com/milo2012/CVE-2018-13382	Trust: 0.1
title:	forti-vpn	url:	https://github.com/jam620/forti-vpn	Trust: 0.1
title:	Public-Exploits	url:	https://github.com/iojymbo/Public-Exploits	Trust: 0.1
title:	Public-Exploits	url:	https://github.com/iojymbo/public-exploits	Trust: 0.1
title:	exploits	url:	https://github.com/dhn/exploits	Trust: 0.1
title:	exploit-collection	url:	https://github.com/ugur-ercan/exploit-collection	Trust: 0.1
title:	SecBooks	url:	https://github.com/SexyBeast233/SecBooks	Trust: 0.1
title:	CVE-POC	url:	https://github.com/0xT11/CVE-POC	Trust: 0.1
title:	PoC-in-GitHub	url:	https://github.com/nomi-sec/PoC-in-GitHub	Trust: 0.1
title:	Threatpost	url:	https://threatpost.com/apt-groups-exploiting-flaws-in-unpatched-vpns-officials-warn/148956/	Trust: 0.1

sources: VULMON: CVE-2018-13382 // JVNDB: JVNDB-2018-015563 // CNNVD: CNNVD-201905-1025

EXTERNAL IDS

db:	NVD	id:	CVE-2018-13382	Trust: 3.7
db:	BID	id:	108697	Trust: 0.9
db:	JVNDB	id:	JVNDB-2018-015563	Trust: 0.8
db:	EXPLOIT-DB	id:	49074	Trust: 0.7
db:	PACKETSTORM	id:	160130	Trust: 0.7
db:	CNNVD	id:	CNNVD-201905-1025	Trust: 0.7
db:	CS-HELP	id:	SB2021041363	Trust: 0.6
db:	CNNVD	id:	CNNVD-202104-975	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.1889	Trust: 0.6
db:	CS-HELP	id:	SB2021060122	Trust: 0.6
db:	CXSECURITY	id:	WLB-2020110183	Trust: 0.6
db:	VULHUB	id:	VHN-123436	Trust: 0.1
db:	VULMON	id:	CVE-2018-13382	Trust: 0.1

sources: VULHUB: VHN-123436 // VULMON: CVE-2018-13382 // BID: 108697 // JVNDB: JVNDB-2018-015563 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-201905-1025 // NVD: CVE-2018-13382

REFERENCES

url:	https://fortiguard.com/advisory/fg-ir-18-389	Trust: 1.8
url:	https://www.fortiguard.com/psirt/fg-ir-20-231	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-13382	Trust: 1.4
url:	https://packetstormsecurity.com/files/160130/fortinet-fortios-6.0.4-password-modification.html	Trust: 1.2
url:	https://www.securityfocus.com/bid/108697	Trust: 1.2
url:	https://www.fortinet.com/products/fortigate/fortios.html	Trust: 0.9
url:	https://fortiguard.com/psirt/fg-ir-18-389	Trust: 0.9
url:	https://cisa.gov/known-exploited-vulnerabilities-catalog	Trust: 0.8
url:	https://www.cybersecurity-help.cz/vdb/sb2021041363	Trust: 0.6
url:	https://i.blackhat.com/usa-19/wednesday/us-19-tsai-infiltrating-corporate-intranet-like-nsa.pdf	Trust: 0.6
url:	https://devco.re/blog/2019/08/09/attacking-ssl-vpn-part-2-breaking-the-fortigate-ssl-vpn/	Trust: 0.6
url:	https://cxsecurity.com/issue/wlb-2020110183	Trust: 0.6
url:	https://www.exploit-db.com/exploits/49074	Trust: 0.6
url:	https://vigilance.fr/vulnerability/fortios-privilege-escalation-via-ssl-vpn-29413	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021060122	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.1889	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/285.html	Trust: 0.1
url:	https://github.com/milo2012/cve-2018-13382	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

CREDITS

Ricardo Longatto,Meh Chang and Orange Tsai from DEVCORE Security Research Team.

Trust: 0.6

sources: CNNVD: CNNVD-201905-1025

SOURCES

db:	VULHUB	id:	VHN-123436
db:	VULMON	id:	CVE-2018-13382
db:	BID	id:	108697
db:	JVNDB	id:	JVNDB-2018-015563
db:	CNNVD	id:	CNNVD-202104-975
db:	CNNVD	id:	CNNVD-201905-1025
db:	NVD	id:	CVE-2018-13382

LAST UPDATE DATE

2024-11-23T21:24:49.616000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-123436	date:	2019-06-11T00:00:00
db:	VULMON	id:	CVE-2018-13382	date:	2021-06-03T00:00:00
db:	BID	id:	108697	date:	2019-05-24T00:00:00
db:	JVNDB	id:	JVNDB-2018-015563	date:	2024-05-31T07:01:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-14T00:00:00
db:	CNNVD	id:	CNNVD-201905-1025	date:	2021-08-16T00:00:00
db:	NVD	id:	CVE-2018-13382	date:	2024-11-21T03:46:59.660

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-123436	date:	2019-06-04T00:00:00
db:	VULMON	id:	CVE-2018-13382	date:	2019-06-04T00:00:00
db:	BID	id:	108697	date:	2019-05-24T00:00:00
db:	JVNDB	id:	JVNDB-2018-015563	date:	2019-06-17T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-13T00:00:00
db:	CNNVD	id:	CNNVD-201905-1025	date:	2019-05-27T00:00:00
db:	NVD	id:	CVE-2018-13382	date:	2019-06-04T21:29:00.373